refactor: enforce strict architecture rules and add Pydantic response models

- Update architecture rules to be stricter (API-003 now blocks ALL exception
  raising in endpoints, not just HTTPException)
- Update get_current_vendor_api dependency to guarantee token_vendor_id presence
- Remove redundant _get_vendor_from_token helpers from all vendor API files
- Move vendor access validation to service layer methods
- Add Pydantic response models for media, notification, and payment endpoints
- Add get_active_vendor_by_code service method for public vendor lookup
- Add get_import_job_for_vendor service method with vendor validation
- Update validation script to detect exception raising patterns in endpoints

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

app/api/v1/vendor/orders.py

@@ -1,6 +1,9 @@
 # app/api/v1/vendor/orders.py
 """
 Vendor order management endpoints.
+
+Vendor Context: Uses token_vendor_id from JWT token (authenticated vendor API pattern).
+The get_current_vendor_api dependency guarantees token_vendor_id is present.
 """
 
 import logging
@@ -42,20 +45,9 @@ def get_vendor_orders(
     Vendor is determined from JWT token (vendor_id claim).
     Requires Authorization header (API endpoint).
     """
-    from fastapi import HTTPException
-
-    # Get vendor ID from token
-    if not hasattr(current_user, "token_vendor_id"):
-        raise HTTPException(
-            status_code=400,
-            detail="Token missing vendor information. Please login again.",
-        )
-
-    vendor_id = current_user.token_vendor_id
-
     orders, total = order_service.get_vendor_orders(
         db=db,
-        vendor_id=vendor_id,
+        vendor_id=current_user.token_vendor_id,
         skip=skip,
         limit=limit,
         status=status,
@@ -81,18 +73,9 @@ def get_order_details(
 
     Requires Authorization header (API endpoint).
     """
-    from fastapi import HTTPException
-
-    # Get vendor ID from token
-    if not hasattr(current_user, "token_vendor_id"):
-        raise HTTPException(
-            status_code=400,
-            detail="Token missing vendor information. Please login again.",
-        )
-
-    vendor_id = current_user.token_vendor_id
-
-    order = order_service.get_order(db=db, vendor_id=vendor_id, order_id=order_id)
+    order = order_service.get_order(
+        db=db, vendor_id=current_user.token_vendor_id, order_id=order_id
+    )
 
     return OrderDetailResponse.model_validate(order)
 
@@ -117,19 +100,11 @@ def update_order_status(
 
     Requires Authorization header (API endpoint).
     """
-    from fastapi import HTTPException
-
-    # Get vendor ID from token
-    if not hasattr(current_user, "token_vendor_id"):
-        raise HTTPException(
-            status_code=400,
-            detail="Token missing vendor information. Please login again.",
-        )
-
-    vendor_id = current_user.token_vendor_id
-
     order = order_service.update_order_status(
-        db=db, vendor_id=vendor_id, order_id=order_id, order_update=order_update
+        db=db,
+        vendor_id=current_user.token_vendor_id,
+        order_id=order_id,
+        order_update=order_update,
     )
 
     logger.info(